What happened
PR #3408 (#3408) was an automated MintMaker dependency digest update. The branch followed the konflux/mintmaker/* naming pattern. The change was limited to updating a git commit digest in .tekton/cli-e2e-pull-request.yaml — a single-line value change with no code logic impact.
The fullsend dispatch workflow in .github/workflows/fullsend.yaml triggered on this PR's pull_request_target event. The dispatch condition (github.event_name != 'issue_comment' || github.event.comment.user.type != 'Bot') only filters bot comments on issues — it does not filter bot-authored PRs. This means the full agent pipeline (triage, review, and retro stages) ran for a trivially safe automated dependency bump.
The retro agent itself is running right now on this PR, further demonstrating that automated dependency PRs flow through the entire agent pipeline unnecessarily.
What could go better
Automated dependency digest bumps from MintMaker and Renovate are high-volume, low-risk changes. They update pinned commit SHAs or container digests — there is no meaningful code to review. Running AI review agents on these PRs wastes tokens without adding value, since the actual validation is handled by CI (Tekton e2e tests, lint, and checks workflows).
The repo already has an auto-merge workflow (.github/workflows/auto-merge.yaml) that handles merging approved PRs, suggesting these dependency PRs are expected to flow through with minimal human intervention.
Uncertainty: Without GitHub API access, I could not verify (a) how many MintMaker/Renovate PRs are opened per week, (b) what agent comments were actually posted on this PR, or (c) whether the dispatch.yml in conforma/.fullsend already has bot-filtering logic. If dispatch.yml already skips bot PRs, this proposal is moot — but the shim workflow should still short-circuit early to avoid unnecessary workflow_call overhead.
Proposed change
Add a condition to the dispatch job in .github/workflows/fullsend.yaml to skip agent dispatch for known automated dependency PRs. Two approaches:
Option A — Branch name filter (recommended, simple):
dispatch:
if: >-
(github.event_name != 'issue_comment'
|| github.event.comment.user.type != 'Bot')
&& (github.event_name != 'pull_request_target'
|| (!startsWith(github.head_ref, 'konflux/mintmaker/')
&& !startsWith(github.head_ref, 'renovate/')))
Option B — Actor filter (broader):
Add && github.actor != 'konflux-mintmaker[bot]' (or the specific bot username) to the dispatch condition.
Option A is preferred because it is resilient to bot username changes and clearly communicates intent. Both the konflux/mintmaker/ and renovate/ branch prefixes should be excluded.
Note: If conforma/.fullsend dispatch.yml already filters these at the routing layer, this change still provides value by avoiding the workflow_call overhead entirely.
Validation criteria
- After the change, opening a PR from a
konflux/mintmaker/* or renovate/* branch should NOT trigger the fullsend dispatch job (verify via GitHub Actions run history).
- Regular PRs from human-authored branches should still trigger fullsend dispatch normally.
- The
/fs-fix and /fs-fix-stop comment commands should remain unaffected.
- CI workflows (checks-codecov, lint, Tekton pipelines) should continue to run normally on dependency PRs — only agent dispatch is skipped.
- Monitor token usage over 2 weeks — automated dependency PRs should no longer appear in agent run logs.
Generated by retro agent from #3408
What happened
PR #3408 (#3408) was an automated MintMaker dependency digest update. The branch followed the
konflux/mintmaker/*naming pattern. The change was limited to updating a git commit digest in.tekton/cli-e2e-pull-request.yaml— a single-line value change with no code logic impact.The fullsend dispatch workflow in
.github/workflows/fullsend.yamltriggered on this PR'spull_request_targetevent. The dispatch condition (github.event_name != 'issue_comment' || github.event.comment.user.type != 'Bot') only filters bot comments on issues — it does not filter bot-authored PRs. This means the full agent pipeline (triage, review, and retro stages) ran for a trivially safe automated dependency bump.The retro agent itself is running right now on this PR, further demonstrating that automated dependency PRs flow through the entire agent pipeline unnecessarily.
What could go better
Automated dependency digest bumps from MintMaker and Renovate are high-volume, low-risk changes. They update pinned commit SHAs or container digests — there is no meaningful code to review. Running AI review agents on these PRs wastes tokens without adding value, since the actual validation is handled by CI (Tekton e2e tests, lint, and checks workflows).
The repo already has an auto-merge workflow (
.github/workflows/auto-merge.yaml) that handles merging approved PRs, suggesting these dependency PRs are expected to flow through with minimal human intervention.Uncertainty: Without GitHub API access, I could not verify (a) how many MintMaker/Renovate PRs are opened per week, (b) what agent comments were actually posted on this PR, or (c) whether the dispatch.yml in
conforma/.fullsendalready has bot-filtering logic. If dispatch.yml already skips bot PRs, this proposal is moot — but the shim workflow should still short-circuit early to avoid unnecessary workflow_call overhead.Proposed change
Add a condition to the
dispatchjob in.github/workflows/fullsend.yamlto skip agent dispatch for known automated dependency PRs. Two approaches:Option A — Branch name filter (recommended, simple):
Option B — Actor filter (broader):
Add
&& github.actor != 'konflux-mintmaker[bot]'(or the specific bot username) to the dispatch condition.Option A is preferred because it is resilient to bot username changes and clearly communicates intent. Both the
konflux/mintmaker/andrenovate/branch prefixes should be excluded.Note: If
conforma/.fullsenddispatch.yml already filters these at the routing layer, this change still provides value by avoiding the workflow_call overhead entirely.Validation criteria
konflux/mintmaker/*orrenovate/*branch should NOT trigger the fullsend dispatch job (verify via GitHub Actions run history)./fs-fixand/fs-fix-stopcomment commands should remain unaffected.Generated by retro agent from #3408